feat: add handling for missing cookie in token and update error messages #1078
Pull request overview
Adds a dedicated global exception mapping for missing refresh-token cookies so session-based token refresh requests return a clearer, localized error response instead of falling back to generic handling.
Changes:
- Added a new common message key/value for “missing cookie in token” scenarios.
- Introduced a `MissingRequestCookieException` handler in `GlobalExceptionHandler` returning a 401 response.
- Added a corresponding enum constant to `CommonMessageConstant`.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/src/main/resources/community/messages/common-messages.properties | Adds a new localized error message for missing refresh-token cookie scenarios. |
| backend/src/main/java/com/skapp/community/common/exception/GlobalExceptionHandler.java | Handles MissingRequestCookieException and returns a standardized 401 error payload. |
| backend/src/main/java/com/skapp/community/common/constant/CommonMessageConstant.java | Adds a new message constant referencing the new properties key. |
| @ExceptionHandler(MissingRequestCookieException.class) | ||
| public ResponseEntity<ResponseEntityDto> handleMissingRequestCookieException(MissingRequestCookieException e) { | ||
| HttpStatus status = HttpStatus.UNAUTHORIZED; | ||
| String message = messageUtil.getMessage(CommonMessageConstant.COMMON_ERROR_MISSING_COOKIE_IN_TOKEN); | ||
| logDetailedException(e, CommonMessageConstant.COMMON_ERROR_MISSING_COOKIE_IN_TOKEN.name(), message, status); | ||
|
|
||
| return new ResponseEntity<>( | ||
| new ResponseEntityDto(true, | ||
| new ErrorResponse(status, message, CommonMessageConstant.COMMON_ERROR_MISSING_COOKIE_IN_TOKEN)), | ||
| status); |
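Review bot: `HttpStatus.UNAUTHORIZED` on the first line of the handler body is applied to every `MissingRequestCookieException`, whichever cookie is absent, because the `@ExceptionHandler` mapping is not tied to the refresh-token request. Clients commonly treat a 401 as a lost session, so a missing non-authentication cookie on some other endpoint would be reported as an authentication failure under the `COMMON_ERROR_MISSING_COOKIE_IN_TOKEN` key. Consider branching on `e.getCookieName()`: keep the 401 and this key only when the refresh-token cookie is the one missing, and return a 400 with a generic key otherwise.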
This handler returns a fixed message for missing cookies, but `MissingRequestCookieException` provides the actual missing cookie name. Since this is a global handler, hardcoding `refreshToken` in the message will become misleading if any other endpoint later requires a different cookie. Consider parameterizing the message (e.g., using `{0}` in the properties file) and passing `e.getCookieName()` via `messageUtil.getMessage(..., new Object[]{...})` so the response stays accurate.
| @ExceptionHandler(MissingRequestCookieException.class) | ||
| public ResponseEntity<ResponseEntityDto> handleMissingRequestCookieException(MissingRequestCookieException e) { | ||
| HttpStatus status = HttpStatus.UNAUTHORIZED; | ||
| String message = messageUtil.getMessage(CommonMessageConstant.COMMON_ERROR_MISSING_COOKIE_IN_TOKEN); | ||
| logDetailedException(e, CommonMessageConstant.COMMON_ERROR_MISSING_COOKIE_IN_TOKEN.name(), message, status); |
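Review bot: `logDetailedException(e, ...)` on the last line shown runs for every request that arrives without the cookie, which is a condition a client with no valid session can trigger as often as it likes. Please confirm that this call does not write a full stack trace at error level for this case; one warn-level line carrying the cookie name and the status is enough to investigate, and it keeps the log readable if the endpoint is called in a loop.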
New behavior is introduced for missing `refreshToken` cookie requests, but there is no corresponding integration test coverage. Add an `AuthController` integration test for `POST /v1/auth/session/refresh-token` without the `refreshToken` cookie asserting the 401 response and the expected error payload/message key, to prevent regressions.
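The two review suggestions above (a `{0}`-parameterized message filled from `e.getCookieName()`, and a test that posts to the refresh endpoint without the cookie), shown together as an added example that is not code from this pull request or from skapp. It assumes Spring 6 with spring-test, Jackson and JsonPath on the classpath; `DemoAuthController`, `DemoAdvice`, the `demo.missing-cookie` key and the map payload are hypothetical stand-ins for the project's controller, handler, message key and `ResponseEntityDto`.

```java
// Added example: Demo* classes, the message key and the payload shape are assumptions.
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import jakarta.servlet.http.Cookie;
import java.util.Locale;
import java.util.Map;
import org.springframework.context.support.StaticMessageSource;
import org.springframework.http.ResponseEntity;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.bind.MissingRequestCookieException;
import org.springframework.web.bind.annotation.*;

public class MissingCookieExample {
    static final String KEY = "demo.missing-cookie";             // hypothetical key
    static final String URL = "/v1/auth/session/refresh-token";  // path named in the review

    @RestController
    public static class DemoAuthController {
        @PostMapping(URL)
        public String refresh(@CookieValue("refreshToken") String token) { return "ok"; }
    }

    @RestControllerAdvice
    public static class DemoAdvice {
        private final StaticMessageSource messages = new StaticMessageSource();
        public DemoAdvice() {
            // {0} is replaced with the cookie name; '' is a literal quote in MessageFormat.
            messages.addMessage(KEY, Locale.ENGLISH, "Required cookie ''{0}'' is missing");
        }
        @ExceptionHandler(MissingRequestCookieException.class)
        public ResponseEntity<Map<String, String>> onMissingCookie(MissingRequestCookieException e) {
            // Only the cookie name goes into the response, never a cookie value.
            String text = messages.getMessage(KEY, new Object[] { e.getCookieName() }, Locale.ENGLISH);
            return ResponseEntity.status(401).body(Map.of("message", text, "messageKey", KEY));
        }
    }

    public static void main(String[] args) throws Exception {
        MockMvc mvc = MockMvcBuilders.standaloneSetup(new DemoAuthController())
                .setControllerAdvice(new DemoAdvice()).build();
        // No cookie sent: expect 401, the message key, and the cookie name in the text.
        mvc.perform(post(URL))
                .andExpect(status().isUnauthorized())
                .andExpect(jsonPath("$.messageKey").value(KEY))
                .andExpect(jsonPath("$.message").value("Required cookie 'refreshToken' is missing"));
        // Constructed cookie value: the handler must not fire when the cookie is present.
        mvc.perform(post(URL).cookie(new Cookie("refreshToken", "constructed-value")))
                .andExpect(status().isOk());
    }
}
```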
PR checklist
TaskId: (https://github.com/SkappHQ/skapp/issues/[id])
Summary
How to test
Project Checklist
- npm run format
- npm run check-lint
- Other
PR Checklist
ready-for-code-review)
Additional Information